(a) The Baltimore City Youth Data Hub and manager may use only aggregated, de-identified data for conducting any analysis, research, and reporting to the executive committee, the public, or otherwise.

(b) Direct access to personally identifiable information in the Baltimore City Youth Data Hub shall be restricted to the manager and the manager’s authorized staff or contractors only for authorized purposes and lawful quality control.

(c) On the receipt of data, the manager or its designated technology vendor shall work with providers to promptly extract and upload the data into the Baltimore City Youth Data Hub’s data management system for aggregation and de-identification.

(d) Immediately after aggregating personally identifiable information in the data management system, the manager shall destroy any copies of the personally identifiable information existing outside the data management system in a manner such that, after aggregation, the manager does not possess or retain any personally identifiable information outside the data management system.

(e) The Baltimore City Youth Data Hub may not use its data management system for queries to produce any personally identifiable information or reports that contain any personally identifiable information.